Google fixes two actively exploited zero-day vulnerabilities in Android


Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.

The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

    May 1, 2024

    Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control ...

  • New “Goldoon” Botnet Targeting D-Link Devices

    May 1, 2024

    In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header. Fortinet IPS ...

  • UK: Cyber attack recovery could cost council £500,000

    May 1, 2024

    The total cost of restoring systems following a cyber attack could cost the Western Isles local authority Comhairle nan Eilean Siar £500,000. A suspected ransomware attack in November caused significant disruption to IT systems at the local authority. The impact led to some bills, including council tax, being delayed. Malcolm Burr, the council’s chief executive, said ...

  • The State of Ransomware 2024

    April 30, 2024

    The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through to severity of attack, financial impact, and recovery time. Based on the findings of a survey of IT/cybersecurity leaders across 14 countries, this year’s report combines year-on-year insights with brand new areas of study. ...

  • India Recorded 79 Million Cyber Attacks In 2023, Ranks 3rd Globally

    April 30, 2024

    India ranked as the third-largest country globally for phishing attacks after the US and UK, with its technology sector facing nearly 33 per cent of all such strikes, marking it as the most targeted industry, according to a report. The report by cybersecurity firm Zscaler showed a 60 per cent rise in global phishing attacks over ...

  • Hull City Council suffers nine cyber attacks in three years

    April 30, 2024

    Hull City Council has paid £30,000 in data breach claims and suffered nine cyber attacks in the past three years, a report has found. The local authority confirmed it’s had nine cyber security incidents since 2021, five of which were phishing attacks (scams where attackers deceive people into revealing sensitive information). An investigation by DataBreachClaims.org.uk revealed ...